security/manager/ssl/tests/unit/test_builtins.js

   1 // Any copyright is dedicated to the Public Domain.
   2 // http://creativecommons.org/publicdomain/zero/1.0/
   3 "use strict";
   4
   5 // Tests that use a mock builtins module.
   6
   7 // Ensure that the appropriate initialization has happened.
   8 do_get_profile();
   9 const gCertDb = Cc["@mozilla.org/security/x509certdb;1"].getService(
  10   Ci.nsIX509CertDB
  11 );
  12
  13 add_setup(function load_nssckbi_testlib() {
  14   let moduleName = "Mock Builtins";
  15   let libraryName = "test_builtins";
  16
  17   checkPKCS11ModuleNotPresent(moduleName, libraryName);
  18
  19   let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
  20   libraryFile.append("test_builtins");
  21   libraryFile.append(ctypes.libraryName(libraryName));
  22   loadPKCS11Module(libraryFile, moduleName, true);
  23   let testModule = checkPKCS11ModuleExists(moduleName, libraryName);
  24
  25   // Check that listing the slots for the test module works.
  26   let testModuleSlotNames = Array.from(
  27     testModule.listSlots(),
  28     slot => slot.name
  29   );
  30   testModuleSlotNames.sort();
  31   const expectedSlotNames = ["NSS Builtin Objects"];
  32   deepEqual(
  33     testModuleSlotNames,
  34     expectedSlotNames,
  35     "Actual and expected slot names should be equal"
  36   );
  37 });
  38
  39 add_task(async function test_distrust_after() {
  40   let ee_pre_distrust_cert = addCertFromFile(
  41     gCertDb,
  42     "test_builtins/ee-notBefore-2021.pem",
  43     ",,"
  44   );
  45   notEqual(
  46     ee_pre_distrust_cert,
  47     null,
  48     "EE cert should have successfully loaded"
  49   );
  50
  51   let ee_post_distrust_cert = addCertFromFile(
  52     gCertDb,
  53     "test_builtins/ee-notBefore-2023.pem",
  54     ",,"
  55   );
  56   notEqual(
  57     ee_post_distrust_cert,
  58     null,
  59     "EE cert should have successfully loaded"
  60   );
  61
  62   let int_cert = addCertFromFile(gCertDb, "test_builtins/int.pem", ",,");
  63   notEqual(int_cert, null, "Intermediate cert should have successfully loaded");
  64
  65   // A certificate with a notBefore before the distrustAfter date
  66   // should verify.
  67   await checkCertErrorGeneric(
  68     gCertDb,
  69     ee_pre_distrust_cert,
  70     PRErrorCodeSuccess,
  71     certificateUsageSSLServer
  72   );
  73
  74   // A certificate with a notBefore after the distrustAfter date
  75   // should not verify.
  76   await checkCertErrorGeneric(
  77     gCertDb,
  78     ee_post_distrust_cert,
  79     MOZILLA_PKIX_ERROR_ISSUER_NO_LONGER_TRUSTED,
  80     certificateUsageSSLServer
  81   );
  82 });